METHOD OF DYNAMICALLY ASSIGNING NETWORK ACCESS PRIVILEGES 

BACKGROUND OF THE INVENTION 

Field of Invention 

The invention relates to a method of assigning network access privileges and, in
particular, to a method that distributes system resources as the number of access routines
increases or decreases.

Related Art 

The storage server is a public space in a network environment. It is widely used in
local area networks (LANs) or the Internet, allowing several clients or user accounts to
access data. Although this access mechanism is convenient, there are many situations
where the storage server is used for private purposes. Generally speaking, the data stored
in the storage server should be public-related files. Due to difficulties in management, the
storage server is often misused by individuals in sizeable companies or enterprises. For
example, mp3 files, games, private pictures or even private digital audio/video (AV) files
are often stored in the server. If an employee has to perform an access process in order to
complete an assigned job, that access may be delayed because some unknown user in the
access control list of the storage server is accessing a large digital AV file at the same time.
On the other hand, storing non-business related files in the storage server also wastes the
resources of the company.

To address this problem, a privilege management method has been proposed in the
prior art. The method defines in the database a list of certain people who are allowed to
access specific data. Using the concept of weights, some users are assigned higher
privileges for the convenience of management. Not all users online can access any data.
Thus, in order to access certain files, the user not only has to be in the file management list
but also has to obtain a suitable privilege through some kind of mechanism or verification.
Although this method is ideal for small companies or teams, it does not disclose in detail
the privilege assigning mechanism for big companies that have many users accessing data
continuously. It does not provide a solution when multiple users are using system
resources simultaneously. Therefore, problems may arise: system resources
cannot be flexibly distributed when a particular user urgently needs to access data, or a
user is disconnected because his or her privilege is not high enough.

SUMMARY OF THE INVENTION 

The invention provides a method to effectively avoid private uses of the public storage
server. For the access control list issue that arises when simultaneous accesses occur, the
invention makes an efficient distribution of the system resources under the premise that no
other access routines are interrupted. To solve the foregoing problems, the invention
provides a method of dynamically assigning network access privileges. According to the
contents of the access request command, the method assigns privilege parameters
corresponding to the access target, the command sending source, and the command sending
time. Finally, the privilege parameters are summed up to produce an access privilege list.
Using the access privilege list, the system dynamically distributes system resources after
each new access is finished.

Using the invention, the system can use the self-defined privilege table as a strategic
gauge to effectively prevent accesses unrelated to business. When
simultaneous multiple accesses occur, the invention allows the users to share the network
without forcibly interrupting any access. Therefore, the invention can make the
network access usage more reasonable and efficient.

BRIEF DESCRIPTION OF THE DRAWINGS 

The invention will become more fully understood from the detailed description given
hereinbelow for illustration only, and thus is not limitative of the present invention, and
wherein:
FIG. 1 is a schematic view showing the disclosed network environment;

FIG. 2 is a flowchart of the disclosed method of dynamically assigning network access
privileges;

FIG. 3 is a flowchart of the steps in the sorting mechanism; and

FIG. 4 is an embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION 

Suppose there are several clients 10, 20, 30 sharing data stored in a storage server 100
using the Internet or a local area network (LAN). Each user has a network access account.
Each client has its own network address for uploading to and downloading from the storage
server 100.

Suppose several user clients 10, 20 already have access jobs in the access control list on the
storage server 100. When a new client 30 wants to send an access message to the storage
server 100, the system follows the disclosed method to dynamically assign the network
access privileges. First, more than one privilege parameter table is established on the
storage server (step 200). The spirit of the invention is to define a weighted standard
according to the access target, the sending source of the access request command, and the
sending time of the access command in order for the access job with the highest weighted
privilege parameter to have the highest priority. In other words, more system resources are
granted for the job. The privilege table basically has two fields: one has the defining
target, such as the access target, the sending source of the request access command, and the
sending time of the access command; and the other has the corresponding weighted
parameter, which is defined according to its type.

In step 300, the system accepts the request access command. When each of the users
at clients 10, 20, 30 wants to access data, an access request command is first sent from the
user. The user has to wait for the reply from the storage server 100. The command
includes the information of the storage target, the sending source of the access command,
and the sending time of the access command. The storage target further contains such
information as the file type, the file size, and the estimated accessing time that are to be
used as references for determining the privilege. For example, one can assign the .PDF
files the highest weight and the .DOC files the next highest. The standard and file types
are defined by the enterprise itself so that business-related accesses obtain the highest
processing privileges. Moreover, since large-size file transmissions generally affect the
network quality and slow down access actions of other users, one can also assign a lower
weight to such accesses. This arrangement enables the system to finish quick and easy
jobs. As the network quality is maintained during the whole process, delays of urgent and
small file transmissions can be avoided.

Besides, the sending source of the access command is also a consideration. Since
there are different levels in a company, the importance and values of a job naturally
increase with the position of the user in the company. If a user with a higher position in a
company cannot obtain a higher priority in the access control list during multiple accesses,
then he or she cannot make prompt decisions due to the delay of retrieving important data.
Therefore, the invention assigns different weight parameters to users according to their
position in the company. The user's network ID is used to identify his or her position in
the company. One can also use the IP address of each computer to determine the identity.

According to the privilege parameter table and the access request command, a sorting
mechanism is used to generate an access privilege list (step 400). The contents of the
access request command have several weight parameters, the sum of which is sorted to
generate an access privilege list (see FIG. 3). The sorting mechanism includes the
following steps. First, the system reads the access request command and obtains the
corresponding weight parameter from the privilege parameter tables according to the
command (step 410). In other words, the access request command is analyzed to obtain a
weight parameter for each of the predefined targets. The weight parameters are then
summed up (step 420). That is, an addition subroutine is employed to add up all the
weight parameters belonging to the access command, obtaining a privilege value. The
weight parameter sum is used to update the access privilege list (step 430). The access
privilege list has at least three fields. One is the weight value, the sum of all the weight
parameters. Another is the access process name, which is also the ID of the access
command. The other is the system resource percentage. Whenever a new access process
is added into the access privilege list or an existing access process finishes, all the
above-mentioned three fields are updated at the same time. This is the feature of the
dynamic assignment disclosed by the invention.

In step 500, the system distributes the system resources according to the access
privilege list and executes access processes. The access privilege list indicates the weight
value of each access process. The system distributes the system resources according to the
weight values. The distribution method disclosed by the invention is dynamic. The
weight values of all the access processes are added up to a total weight value. The weight
value of each access process is divided by the total weight value to obtain a dynamic
distribution percentage. The system then uses the dynamic distribution percentage as the
reference for the CPU to schedule access processes. This method is particularly useful for
processing simultaneous multiple accesses. The finite bandwidth of the network can
thus be optimized for public uses in a flexible way. On the other hand, for those processes
unrelated to the business, such as downloading MP3 or AV files, the system slows
them down to discourage such processes. Moreover, users with existing processes
are not interrupted by new users because the new users have higher privileges.

In the following, we use an embodiment to describe the procedure flow of the invention.
With reference to FIG. 4, suppose an access request command is sent out. The access
target is a text file (.DOC format), the sending source of the access command is a manager,
and the file size is smaller than 4 MB. After the sorting process, the privilege value is
determined to be 22, corresponding to the process F as shown in the access privilege list 80.
Before executing the command, there are already processes A, B, C, D and E in the control
list. The invention dynamically assigns a new set of privilege values to all the existing
processes, updating from the original access privilege list 70 to the new access privilege list
80.
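
The sorting mechanism (steps 410 to 430) and the proportional distribution of step 500, worked through for the embodiment above as an added Python example that is not part of the original disclosure. The individual weights, the size bands, and the weights of processes A to E are constructed (the text gives only the resulting value 22 for process F); a sending-time table would be summed the same way.

```python
# Added illustration; every weight, size band and A-E value below is constructed.
FILE_TYPE_WEIGHT = {".pdf": 10, ".doc": 8, ".mp3": 1, ".avi": 1}
SOURCE_WEIGHT = {"manager": 10, "engineer": 6, "guest": 2}
SIZE_WEIGHT = [(4 * 2**20, 4), (100 * 2**20, 2)]  # (upper bound in bytes, weight)
DEFAULT_WEIGHT = 1  # unknown type or source, or oversize file: lowest weight, never zero


def privilege_value(file_type, source, size_bytes):
    """Steps 410-420: look up one weight per parameter table and sum them."""
    size_w = next((w for limit, w in SIZE_WEIGHT if size_bytes < limit), DEFAULT_WEIGHT)
    return (FILE_TYPE_WEIGHT.get(file_type.lower(), DEFAULT_WEIGHT)
            + SOURCE_WEIGHT.get(source, DEFAULT_WEIGHT)
            + size_w)


class AccessPrivilegeList:
    """Steps 430 and 500: process name -> weight value, with derived percentages."""

    def __init__(self):
        self.weights = {}

    def add(self, name, weight):
        # A positive weight guarantees every process keeps a non-zero share,
        # so a new high-privilege entry shrinks existing shares without ending them.
        if weight <= 0:
            raise ValueError("weight must be positive")
        self.weights[name] = weight
        return self.shares()

    def finish(self, name):
        self.weights.pop(name, None)
        return self.shares()

    def shares(self):
        """Each weight divided by the total weight, as a percentage."""
        total = sum(self.weights.values())
        return {n: 100.0 * w / total for n, w in self.weights.items()} if total else {}


def embodiment():
    """List 70 (A-E, constructed weights) becomes list 80 once F is added."""
    acl = AccessPrivilegeList()
    for name, w in {"A": 30, "B": 20, "C": 12, "D": 10, "E": 6}.items():
        acl.add(name, w)
    before = acl.shares()
    f = privilege_value(".DOC", "manager", 3 * 2**20)  # .DOC, manager, under 4 MB
    after = acl.add("F", f)
    return f, before, after
```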

Certain variations would be apparent to those skilled in the art, which variations are 
considered within the spirit and scope of the claimed invention. 